#!/bin/bash

# Generate self-signed certificate for testing

echo "Generating self-signed certificate..."

# Check if openssl is installed
if ! command -v openssl &> /dev/null; then
    echo "Error: openssl is not installed"
    exit 1
fi

# Get domain name
read -p "Enter domain name (default: localhost): " DOMAIN
DOMAIN=${DOMAIN:-localhost}

# Generate certificate
openssl req -x509 -newkey rsa:4096 \
    -keyout key.pem -out cert.pem \
    -days 365 -nodes \
    -subj "/CN=$DOMAIN" \
    -addext "subjectAltName=DNS:$DOMAIN,DNS:*.$DOMAIN,IP:127.0.0.1"

echo ""
echo "Certificate generated successfully!"
echo "Certificate: cert.pem"
echo "Private key: key.pem"
echo ""
echo "⚠️  This is a self-signed certificate for testing only!"
echo "For production, use Let's Encrypt or a trusted CA."
